Feat/wireguard example + UDP listener #101
Merged
Capture the agreed design for examples/wireguard/: two symmetric wg-edge processes plus a wg-router service, single long-lived geminio stream with 2B length-prefix framing, UDP frontier transport, pair-id-based matching. Guides the upcoming implementation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Breaks the spec into 8 tasks: scaffold + Makefile, frame package (TDD), wg-edge binary, wg-router binary, udpping helper, demo script, README, and a manual smoke-test gate. Each task is bite-sized with full code and exact commands. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pulls in the latest geminio SDK plus transitive upgrades (x/crypto, x/net, x/sys, x/text, x/tools). Go toolchain directive tracks Go 1.24.13. Existing frontier and example code compile and tests pass unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Track whether OpenStream actually succeeded. When it did, reset the backoff to 1s before the next reconnect so a brief outage after a long healthy session does not inherit a 30s wait from earlier open failures. Addresses code-review feedback on commit 115cb85. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…arify pairing
- Add closeAll(): drain waiting map, stop timers, close streams on shutdown per spec §8.
- Rewrite matchOrPark's doc comment: the previous "reject third stream" wording misdescribed the code, which actually does arrival-order pairing. Arrival-order is intentional — reject semantics would break reconnect recovery (edge reconnects would be rejected instead of re-pairing after a transient fault).
Addresses code-review feedback on commit bddc91a.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

… UDP gap
End-to-end verified working over TCP (frontier + wg-router + two wg-edges + two udpping processes): bidirectional UDP echo through the tunnel with stream pairing visible in router logs. The pion-wrapped UDP listener path in pkg/utils/listen.go accepts the connection but geminio's handshake times out; the branch's listener test only exercised Accept, not a full geminio session. Tracked as a frontier-framework issue, out of scope for this example.
- wg-edge / wg-router default --frontier-network now tcp
- demo.sh uses etc/frontier.yaml (TCP config) and plumbs FRONTIER_NET env var so UDP can be re-enabled once the framework fix lands
- README grew a Status table, one-command demo recipe, and flag-table entries marking udp as experimental
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

demo.sh now branches on the host OS:
- macOS: original udpping send/echo demo (unchanged).
- Linux (root, with ip + wg + ping): create two temporary network namespaces, wire veth pairs to the host, run a wg-edge per namespace, configure a real wg0 peer with generated keypairs on 10.44.0.0/24, and verify end-to-end connectivity with ping before exiting. Self-cleans namespaces on exit.
Adds --hold (keep running after verification) and --detach (run in background, redirect logs to a console.log file) flags. Environment overrides FRONTIER_BIN / FRONTIER_CFG / FRONTIER_NET / FRONTIER_*_ADDR so the script composes cleanly with non-default setups.
README updated: Status table marks Linux netns verification as automated; one-command demo section documents the per-OS behavior and new flags.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Transitive: go-timer v2.2.1 → v2.2.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary

Adds a new examples/wireguard/ example that tunnels WireGuard UDP traffic between two peers through a frontier instance, plus the supporting UDP-listener work in pkg/utils/listen.go (via pion/transport/v2) on which the frontier-UDP path rests.

What's Changed

New example: examples/wireguard/

- internal/frame/: 2-byte length-prefix codec, unit-tested under -race
- edge/: wg-edge daemon — listens UDP locally for a WireGuard peer, opens one long-lived geminio stream to the router, shuttles datagrams as length-prefixed frames, with reopen loop + exponential backoff reset after a healthy session
- router/: wg-router service — accepts streams, pairs by first-frame pair-id, bridges matched pairs verbatim; cleans up pending streams on shutdown
- cmd/udpping/: minimal UDP send/echo helper for demo without real WG
- scripts/demo.sh: one-command local demo. On macOS runs the udpping send/echo pair; on Linux (root + ip/wg) creates two temporary netns, brings up real wg0 peers on 10.44.0.0/24, and verifies end-to-end with ping
- README.md: quickstart, flag tables, real-WG walkthrough, and a status table that honestly marks the UDP frontier transport as experimental (see below)
- Makefile follows the conventions in examples/{rtmp,iclm,chatroom}

Frontier UDP listener (base commit)

- pkg/utils/listen.go via pion/transport/v2/udp
- etc/frontier_udp.yaml and a smoke test

Note: the UDP listener path accepts connections but the geminio handshake over it currently times out end-to-end. The example's default --frontier-network is therefore tcp and the example flag-tables mark udp as experimental. The listener work is kept so the fix (likely at the pion ↔ geminio boundary) can land incrementally without reverting the scaffolding. Tracked as a separate framework issue.

Dependency bumps

- github.com/singchia/geminio → v1.3.0-rc.2
- singchia/go-timer v2.2.2, and go.mod/go.sum for pion

Design docs

- docs/superpowers/specs/2026-04-21-wireguard-example-design.md
- docs/superpowers/plans/2026-04-23-wireguard-example.md

Test plan

- go build ./... clean
- go test ./examples/wireguard/internal/frame/... -race pass
- go vet ./examples/wireguard/... clean
- demo.sh end-to-end: bidirectional UDP echo through frontier+router+two edges+two udpping processes
- demo.sh path verified (requires root on a Linux host)
- iperf3 -c ... over real wg0 through the tunnel measured at ~70 Mbps on test VPS
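
The 2-byte length-prefix framing named in the summary, sketched as an added example; it is not the code in examples/wireguard/internal/frame/. The big-endian byte order and the names WriteFrame, ReadFrame, MaxPayload and ErrTooLarge are assumptions, since the page gives neither.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// MaxPayload is the largest datagram a 2-byte length prefix can describe.
const MaxPayload = 0xFFFF

var ErrTooLarge = errors.New("frame: payload exceeds 65535 bytes")

// WriteFrame sends one datagram as [len:2, big-endian (assumed)][payload].
func WriteFrame(w io.Writer, p []byte) error {
	if len(p) > MaxPayload {
		return ErrTooLarge // refuse rather than let the length wrap
	}
	buf := make([]byte, 2+len(p))
	binary.BigEndian.PutUint16(buf, uint16(len(p)))
	copy(buf[2:], p)
	_, err := w.Write(buf)
	return err
}

// ReadFrame returns exactly one datagram. io.EOF means the stream ended on a
// frame boundary; io.ErrUnexpectedEOF means it ended inside a frame.
func ReadFrame(r io.Reader) ([]byte, error) {
	var hdr [2]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	p := make([]byte, binary.BigEndian.Uint16(hdr[:]))
	if _, err := io.ReadFull(r, p); err != nil {
		if errors.Is(err, io.EOF) {
			return nil, io.ErrUnexpectedEOF // header promised bytes that never came
		}
		return nil, err
	}
	return p, nil
}

func main() {
	var stream bytes.Buffer // constructed stand-in for the long-lived stream
	_ = WriteFrame(&stream, []byte("datagram-1"))
	p, err := ReadFrame(&stream)
	fmt.Printf("%q %v\n", p, err)
}
```

Because the prefix is 16 bits, the reader's allocation is bounded at 65535 bytes per frame regardless of what a peer sends, and a zero-length datagram round-trips as a bare header.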
go build ./...cleango test ./examples/wireguard/internal/frame/... -racepassgo vet ./examples/wireguard/...cleandemo.shend-to-end: bidirectional UDP echo through frontier+router+two edges+two udpping processesdemo.shpath verified (requires root on a Linux host)iperf3 -c ...over real wg0 through the tunnel measured at ~70 Mbps on test VPS